API reference
CRIE exposes a single REST/JSON API at /v1/.... All endpoints require a valid session cookie unless explicitly marked public. State-changing requests require a CSRF double-submit token.
Conventions
- Content type —
application/jsonfor all read/write endpoints; multipart for uploads. - Errors — RFC 7807 Problem Details JSON with stable machine-readable
codevalues. - Pagination — cursor-based,
?cursor=…&limit=…. - Idempotency — POST creates accept an
Idempotency-Keyheader.
Endpoints
| Area | Method | Path | Description |
|---|---|---|---|
| Auth | POST | /v1/auth/login | Exchange credentials for a session cookie |
| Auth | POST | /v1/auth/logout | Invalidate the current session |
| Auth | GET | /v1/auth/me | Current user + role |
| Patients | GET | /v1/patients | List patients (RBAC + RLS scoped) |
| Patients | POST | /v1/patients | Create a patient (PHI encrypted at rest) |
| Patients | GET | /v1/patients/:id | Fetch a single patient |
| Notes | GET | /v1/notes | List notes for a patient |
| Notes | POST | /v1/notes | Create a clinical note |
| Analyses | POST | /v1/analyses | Run AI analysis over a note |
| Analyses | GET | /v1/analyses/:id | Fetch an analysis |
| Analyses | GET | /v1/analyses/:id/stream | SSE stream of pipeline step events (new in v0.4) |
| Alerts | GET | /v1/alerts | List clinical alerts |
| Alerts | POST | /v1/alerts/:id/acknowledge | Acknowledge an alert |
| Health | GET | /v1/health/live | Liveness |
| Health | GET | /v1/health/ready | Readiness — DB + migrations |
| Health | GET | /v1/health/modules | Per-module enablement flags |
| Chatbot | POST | /v1/chatbot/ask | Ask CRIE — RAG over docs (new in v0.4) |
Full module-by-module endpoint listings live on each module page.